
CVE-2020-7695: HTTP response splitting in uvicorn

CVSS Score (v3.1): 7.5

Basic Information

EPSS Score: 0.5289%
Published: 7/29/2020
Updated: 11/18/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|--------------|-----------|---------------------|-----------------------|
| uvicorn      | pip       | < 0.11.7            | 0.11.7                |

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from improper neutralization of CRLF sequences in HTTP headers. The Snyk PoC demonstrates that user-controlled input (like URL path) is directly used in headers without escaping. The 'send' method in HttpToolsProtocol is responsible for constructing and writing HTTP responses, making it the logical point where header sanitization should occur. The lack of CRLF escaping in this function matches the described vulnerability mechanism. The high confidence comes from the vulnerability's nature (header injection) and the standard ASGI server architecture where response construction occurs in protocol handlers.
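The mechanism described above, as an added example that is neither uvicorn's code nor part of this advisory: an unchecked header serializer of the kind the root-cause analysis describes, next to a hardened one that validates every header name and value before it is written. The serializer and helper names, the RFC 7230-style character classes used for validation, and the sample header tuples are assumptions made for illustration.

```python
"""Header validation on an ASGI-style HTTP response path.

Added example, not code from uvicorn or from the advisory. Function names,
the validation character classes and the sample headers are assumptions.
"""
from typing import Iterable, List, Tuple

Header = Tuple[bytes, bytes]

# RFC 7230 "token" characters: the only bytes legal in a header name.
_TOKEN = frozenset(b"!#$%&'*+-.^_`|~0123456789"
                   b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
# Control bytes illegal in a header value: everything below 0x20 except HTAB,
# plus DEL. CR (0x0d) and LF (0x0a) are the ones that split a response.
_CTL = frozenset(set(range(0x20)) - {0x09}) | {0x7F}


class HeaderInjectionError(ValueError):
    """Raised when a header would terminate the header block early."""


def serialize_unchecked(status: int, headers: Iterable[Header]) -> bytes:
    """The unsafe pattern the advisory describes: header bytes are copied
    into the response verbatim, so CR/LF inside a value ends the line and
    the remainder is parsed by the client as extra headers or as the body."""
    lines = [b"HTTP/1.1 %d OK" % status]
    for name, value in headers:
        lines.append(name + b": " + value)
    return b"\r\n".join(lines) + b"\r\n\r\n"


def validate_header(name: bytes, value: bytes) -> None:
    """Reject any name/value that cannot be written as a single header line."""
    if not name or any(c not in _TOKEN for c in name):
        raise HeaderInjectionError("illegal header name: %r" % name)
    if any(c in _CTL for c in value):
        raise HeaderInjectionError("control byte in value of %r" % name)


def serialize_checked(status: int, headers: Iterable[Header]) -> bytes:
    """Hardened serializer: validates each header before anything is written."""
    checked: List[Header] = []
    for name, value in headers:
        validate_header(name, value)
        checked.append((name, value))
    return serialize_unchecked(status, checked)


def parsed_header_count(raw: bytes) -> int:
    """Number of header lines a client would parse out of a serialized response."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    return len(head.split(b"\r\n")) - 1  # minus the status line


# Constructed samples: a clean redirect, and a Location value carrying a CRLF
# sequence that arrived from unvalidated input (e.g. a path echoed into it).
CLEAN = [(b"content-type", b"text/plain"), (b"location", b"/home")]
TAINTED = [(b"location", b"/home\r\nx-injected: 1")]


def demo() -> Tuple[int, int, bool]:
    """Returns (header lines seen for CLEAN, header lines seen for TAINTED on
    the unchecked path, whether the checked path rejected TAINTED)."""
    clean_count = parsed_header_count(serialize_unchecked(302, CLEAN))
    split_count = parsed_header_count(serialize_unchecked(302, TAINTED))
    try:
        serialize_checked(302, TAINTED)
        rejected = False
    except HeaderInjectionError:
        rejected = True
    return clean_count, split_count, rejected


if __name__ == "__main__":
    print(demo())  # (2, 2, True)
```

The tainted sample contains one header, yet the unchecked serializer produces a response in which a client parses two; the checked serializer refuses to write it at all. Validating at the point where the protocol handler builds the response, rather than trusting each application to escape its own values, is the control the root-cause analysis points at.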


WAF Protection Rules

WAF Rule

Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, wh
